bitwarden_workflow_linter 0.8.1__py3-none-any.whl → 0.9.0__py3-none-any.whl

bitwarden_workflow_linter/__about__.py

@@ -1,3 +1,3 @@
 """Metadata for Workflow Linter."""
 
-__version__ = "0.8.1"
+__version__ = "0.9.0"

bitwarden_workflow_linter/default_settings.yaml

@@ -1,21 +1,24 @@
 enabled_rules:
-  - id: bitwarden_workflow_linter.rules.name_exists.RuleNameExists
-    level: error
-  - id: bitwarden_workflow_linter.rules.name_capitalized.RuleNameCapitalized
-    level: error
-  - id: bitwarden_workflow_linter.rules.pinned_job_runner.RuleJobRunnerVersionPinned
-    level: error
-  - id: bitwarden_workflow_linter.rules.job_environment_prefix.RuleJobEnvironmentPrefix
-    level: error
-#   - id: bitwarden_workflow_linter.rules.step_approved.RuleStepUsesApproved
-#     level: error
-  - id: bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
-    level: error
-  - id: bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs
-    level: warning
-  - id: bitwarden_workflow_linter.rules.run_actionlint.RunActionlint
-    level: warning
-  - id: bitwarden_workflow_linter.rules.check_pr_target.RuleCheckPrTarget
-    level: warning
+    - id: bitwarden_workflow_linter.rules.name_exists.RuleNameExists
+      level: error
+    - id: bitwarden_workflow_linter.rules.name_capitalized.RuleNameCapitalized
+      level: error
+    - id: bitwarden_workflow_linter.rules.pinned_job_runner.RuleJobRunnerVersionPinned
+      level: error
+    - id: bitwarden_workflow_linter.rules.job_environment_prefix.RuleJobEnvironmentPrefix
+      level: error
+    #   - id: bitwarden_workflow_linter.rules.step_approved.RuleStepUsesApproved
+    #     level: error
+    - id: bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
+      level: error
+    - id: bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs
+      level: warning
+    - id: bitwarden_workflow_linter.rules.run_actionlint.RunActionlint
+      level: warning
+    - id: bitwarden_workflow_linter.rules.check_pr_target.RuleCheckPrTarget
+      level: warning
+    # Cannot add this in until the rule functionality is merged through to main
+    # - id: bitwarden_workflow_linter.rules.permissions_exist.RulePermissionsExist
+    #   level: warning
 
 approved_actions_path: default_actions.json

bitwarden_workflow_linter/lint.py

@@ -4,7 +4,6 @@ Workflows."""
 import argparse
 import os
 
-from functools import reduce
 from typing import Optional
 
 from .load import WorkflowBuilder, Rules
@@ -115,6 +114,7 @@ class LinterCmd:
         if len(findings) > 0:
             for finding in findings:
                 print(f" - {finding}")
+            print(f"Issues found by {len(findings)} rules in {filename}")
             print()
 
         max_error_level = self.get_max_error_level(findings)
@@ -162,9 +162,28 @@ class LinterCmd:
         files = self.generate_files(input_files)
 
         if len(input_files) > 0:
-            return_code = reduce(
-                lambda a, b: a if a > b else b, map(self.lint_file, files)
-            )
+            files_with_issues = []
+            return_code = 0
+            for file in files:
+                return_value = self.lint_file(file)
+                if return_value > 0:
+                    files_with_issues.append(file)
+                    return_code = max(return_code, return_value)
+
+            if len(files_with_issues) > 0:
+                newline = "\n"  # For compatibility with Python 3.11
+                print(
+                    f"""Found {len(files_with_issues)} file(s) with issues:
+  {f"{newline}  ".join(files_with_issues)}
+
+For help, refer to
+  - Workflow Syntax: \
+https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions
+  - Bitwarden Examples: \
+https://github.com/bitwarden/workflow-linter/tree/main/.github/workflows/examples")"""
+                )
+            else:
+                print("No issues found")
 
             if return_code == 1 and not strict:
                 return_code = 0

bitwarden_workflow_linter/models/workflow.py

@@ -27,6 +27,7 @@ class Workflow:
     name: Optional[str] = None
     on: Optional[CommentedMap] = None
     jobs: Optional[Dict[str, Job]] = None
+    permissions: Optional[object] = None  # This can be a CommentedMap or a string
 
     @classmethod
     def init(cls: Self, key: str, filename: str, data: CommentedMap) -> Self:
@@ -35,6 +36,7 @@ class Workflow:
             "filename": filename,
             "name": data["name"] if "name" in data else None,
             "on": data["on"] if "on" in data else None,
+            "permissions": data["permissions"] if "permissions" in data else None,
         }
 
         new_workflow = cls.from_dict(init_data)

bitwarden_workflow_linter/rules/permissions_exist.py

@@ -0,0 +1,43 @@
+"""A Rule to enforce that the required permissions are specified on every workflow"""
+
+from typing import Optional, Tuple
+
+from ..models.workflow import Workflow
+from ..rule import Rule
+from ..utils import LintLevels, Settings
+
+
+class RulePermissionsExist(Rule):
+    """
+    Rule to enforce that the required permissions are specified on every workflow.
+
+    To allow for keeping repository default GITHUB_TOKEN permissions to a minimum,
+    each workflow must specify the permissions block (including read).
+
+    This has 2 benefits:
+    1) When changing the default repository setting to a more restrictive one,
+       the workflows will not be affected.
+    2) It is clear to the user what permissions are required for the workflow to run.
+    """
+
+    def __init__(
+        self,
+        settings: Optional[Settings] = None,
+        lint_level: Optional[LintLevels] = LintLevels.NONE,
+    ) -> None:
+        self.message = (
+            "A top-level permissions section must be configured in the workflow."
+        )
+        self.on_fail = lint_level
+        self.compatibility = [Workflow]
+        self.settings = settings
+
+    def permissions_exist(self, obj: Workflow) -> bool:
+        if obj.permissions is None:
+            return False
+        return True
+
+    def fn(self, obj: Workflow) -> Tuple[bool, str]:
+        if not self.permissions_exist(obj):
+            return False, f"{self.message}"
+        return True, ""

{bitwarden_workflow_linter-0.8.1.dist-info → bitwarden_workflow_linter-0.9.0.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: bitwarden_workflow_linter
-Version: 0.8.1
+Version: 0.9.0
 Summary: Custom GitHub Action Workflow Linter
 Project-URL: Homepage, https://github.com/bitwarden/workflow-linter
 Project-URL: Issues, https://github.com/bitwarden/workflow-linter/issues
@@ -60,20 +60,20 @@ the below and create a `settings.yaml` in the directory that `bwwl` will be runn
 
 ```yaml
 enabled_rules:
-  - id: bitwarden_workflow_linter.rules.name_exists.RuleNameExists
-    level: error
-  - id: bitwarden_workflow_linter.rules.name_capitalized.RuleNameCapitalized
-    level: error
-  - id: bitwarden_workflow_linter.rules.pinned_job_runner.RuleJobRunnerVersionPinned
-    level: error
-  - id: bitwarden_workflow_linter.rules.job_environment_prefix.RuleJobEnvironmentPrefix
-    level: error
-  - id: bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
-    level: error
-  - id: bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs
-    level: warning
-  - id: bitwarden_workflow_linter.rules.run_actionlint.RunActionlint
-    level: warning
+    - id: bitwarden_workflow_linter.rules.name_exists.RuleNameExists
+      level: error
+    - id: bitwarden_workflow_linter.rules.name_capitalized.RuleNameCapitalized
+      level: error
+    - id: bitwarden_workflow_linter.rules.pinned_job_runner.RuleJobRunnerVersionPinned
+      level: error
+    - id: bitwarden_workflow_linter.rules.job_environment_prefix.RuleJobEnvironmentPrefix
+      level: error
+    - id: bitwarden_workflow_linter.rules.step_pinned.RuleStepUsesPinned
+      level: error
+    - id: bitwarden_workflow_linter.rules.underscore_outputs.RuleUnderscoreOutputs
+      level: warning
+    - id: bitwarden_workflow_linter.rules.run_actionlint.RunActionlint
+      level: warning
 
 approved_actions_path: default_actions.json
 ```
@@ -187,7 +187,10 @@ By default, a new Rule needs five things:
 not support Rules that check against multiple objects at a time OR file level formatting (one empty between each step or
 two empty lines between each job)
 
-To activate a rule after implementing it, add it to `settings.yaml` in the project's base folder
+_IMPORTANT: A rule must be implemented and tested then merged into `main` before it can be activated.<br>_
+This is because the released version of bwwl will use the current `settings.yaml` file, but it will not have the new rule functionality yet and cause an error in the workflow linting of this repository.
+
+To activate a rule after implementing and releasing it, add it to `settings.yaml` in the project's base folder
 and `src/bitwarden_workflow_linter/default_settings.yaml` to make the rule default
 
 Before creating a new rule please read the [Workflow linter rule rollout process](./RULE_ROLLOUT.md) document in which you'll find the process for rolling out new workflow linter rules.

{bitwarden_workflow_linter-0.8.1.dist-info → bitwarden_workflow_linter-0.9.0.dist-info}/RECORD

@@ -1,29 +1,30 @@
-bitwarden_workflow_linter/__about__.py,sha256=LeOJJbXhsTU5QogIsNNh2VPPW_vI_w1MZ06yMA9VcsQ,59
+bitwarden_workflow_linter/__about__.py,sha256=ub5QYCamqV0NyTuwhUXuzDYRfqugcJMsH8foRBKHQlc,59
 bitwarden_workflow_linter/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 bitwarden_workflow_linter/actions.py,sha256=LAn3yQeMMmCOvJWeTn3dE1U2nyEJqIBMwESq3TtY9hE,9069
 bitwarden_workflow_linter/cli.py,sha256=wgkK1MlVbo6Zx3f2CZZ_tkSWq_hdsGciHJA1knX6Yuw,1699
 bitwarden_workflow_linter/default_actions.json,sha256=ssK4tTcaNJdJczfRK5jvEsUUGdk59xogKRntlHP2JTQ,12762
-bitwarden_workflow_linter/default_settings.yaml,sha256=1UqxfpeEgdp9qTaM03EheDXFy6opCb2SelA6fnie-04,910
-bitwarden_workflow_linter/lint.py,sha256=RDHv5jGeGCf5XIHE8jyqQET3-cFykl7223SQVS4Q3pg,5525
+bitwarden_workflow_linter/default_settings.yaml,sha256=nlI0V3GBqocx9x7Wy7Bpq-7zeIm07JnEB_HplcjvtLs,1136
+bitwarden_workflow_linter/lint.py,sha256=R0dXkwir0KzXFHWfWlqpH_CyBwa7O8wHSBTy560u94g,6322
 bitwarden_workflow_linter/load.py,sha256=FWxotIlB0vyKzrVw87sOx3qdRiJG_0hVHRbbLXZY4Sc,5553
 bitwarden_workflow_linter/rule.py,sha256=Qb60JiUDAWN3ayrMGoSbbDCSFmw-ql8djzAkxISaob4,3250
 bitwarden_workflow_linter/utils.py,sha256=wMrq5_gAprbGYPdwbn8fL316aeVG2rGEDV1I7NMl4LE,4717
 bitwarden_workflow_linter/models/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 bitwarden_workflow_linter/models/job.py,sha256=d4F0QG35DqaqgfbPa2YDRRxOZZakFDktIOsuUa-BbC8,2387
 bitwarden_workflow_linter/models/step.py,sha256=j81iWYWcNI9x55n1MOR0N6ogKaQ_4-CKu9LnI_fwEOE,1814
-bitwarden_workflow_linter/models/workflow.py,sha256=Jr1CJSCpII9Z4RT6Sh1wjzZU6ov3fZt45BmTrfLNLLE,1479
+bitwarden_workflow_linter/models/workflow.py,sha256=lIgGI2cDwC2lTOM-k3fqKgceLdSJ6vhTLCAhaeoD-fc,1645
 bitwarden_workflow_linter/rules/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 bitwarden_workflow_linter/rules/check_pr_target.py,sha256=9BHztMzSedmIiFil_qVb3h93-6ku8X8vx06s2FozxHo,3547
 bitwarden_workflow_linter/rules/job_environment_prefix.py,sha256=bdE8l4B5DQiCFVmblXTs4ptsHPGvjhJrR5ONo2kRY2U,2757
 bitwarden_workflow_linter/rules/name_capitalized.py,sha256=lGHPi_Ix0DVSzGEdrUm2vAEQD4qQ8dxU1hddsCdqA2w,2126
 bitwarden_workflow_linter/rules/name_exists.py,sha256=kdMIURN3u8qdDvw6YKxg7VF5bkzGxVVXAO3KAqY1-54,1826
+bitwarden_workflow_linter/rules/permissions_exist.py,sha256=_qOonJ0tyIH3Wp0e-0cppyVIbY9Sr7DuZPZdwxjYMaI,1432
 bitwarden_workflow_linter/rules/pinned_job_runner.py,sha256=VPQfMu3SgIFdl-B8wOXzzK6tMx2hWWSJbKL5KG3xcaI,1751
 bitwarden_workflow_linter/rules/run_actionlint.py,sha256=K-RLQRXs591Ud_kiNQHhIJf5mU59HtnR2qrhW-HamlQ,3806
 bitwarden_workflow_linter/rules/step_approved.py,sha256=4pUCrOlWomo43bwGBunORphv1RJzc3spRKgZ4VLtDS0,3304
 bitwarden_workflow_linter/rules/step_pinned.py,sha256=MagV8LNdgRKyncmSdH9V-TlIcsdjzoDHDWqovzWon9E,3559
 bitwarden_workflow_linter/rules/underscore_outputs.py,sha256=LoCsDN_EfQ8H9n5BfZ5xCe7BeHqJGPMcV0vo1c9YJcw,4275
-bitwarden_workflow_linter-0.8.1.dist-info/METADATA,sha256=NnlT9ESOxLxhH5jciGb1hgwPcXAGeaIZrM-wnHlLzLA,6602
-bitwarden_workflow_linter-0.8.1.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-bitwarden_workflow_linter-0.8.1.dist-info/entry_points.txt,sha256=SA_yF9CwL4VMUvdcmCd7k9rjsQNzfeOUBuDnMnaO8QQ,60
-bitwarden_workflow_linter-0.8.1.dist-info/licenses/LICENSE.txt,sha256=uY-7N9tbI7xc_c0WeTIGpacSCnsB91N05eCIg3bkaRw,35140
-bitwarden_workflow_linter-0.8.1.dist-info/RECORD,,
+bitwarden_workflow_linter-0.9.0.dist-info/METADATA,sha256=j237wBsOz9BzlIufH0IpQWdJBJnn4WGUKEtevK9w_aA,6955
+bitwarden_workflow_linter-0.9.0.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+bitwarden_workflow_linter-0.9.0.dist-info/entry_points.txt,sha256=SA_yF9CwL4VMUvdcmCd7k9rjsQNzfeOUBuDnMnaO8QQ,60
+bitwarden_workflow_linter-0.9.0.dist-info/licenses/LICENSE.txt,sha256=uY-7N9tbI7xc_c0WeTIGpacSCnsB91N05eCIg3bkaRw,35140
+bitwarden_workflow_linter-0.9.0.dist-info/RECORD,,